Thank you for answer. As you said, If I don't find any solution, I have to install another HF. ... View more

Hi, Create a Splunk account if you don't have one already. Login to Splunk and go to the "Add Data" page by clicking on the "Add Data" button in the main menu. Select "HTTP Event Collector" as the data source. Create a new HTTP Event Collector token by clicking on the "New Token" button. Give a name to the token and click on the "Create" button. Copy the token value and save it for later use. In your Heroku dashboard, go to the app you want to monitor. Add the Splunk Add-on to the app by running the following command in your terminal: $ heroku addons:create splunk $ heroku addons:open splunk   This will open the Splunk Add-on configuration page in your browser. Enter the token value in the "HEC Token" field and click on "Save". Once the Splunk Add-on is configured, you can start sending logs to Splunk by adding the following configuration to your app's log drain:   Splunk Cloud $ heroku drains:add https://input-output.cloud.splunk.com:443/inputs/http/<HEC Token> Splunk $ heroku drains:add https://splunk.yourdomain.com:443/inputs/http/<HEC Token>   Or you can send syslog. https://www.splunk.com/en_us/blog/tips-and-tricks/splunking-heroku.html?locale=en_us ... View more

I believe that the problem might be caused by internet access. Does your machine have internet access? Some JS and CSS files may be retrieved from the CDNs on the internet. ... View more

Also , you can try this.    LINE_BREAKER = ()[\[\w\.\]]+ ... View more

Can you try in props.conf this config: LINE_BREAKER = ([\r\n]+)[\[\w\.\]]+ ... View more

You can try this ;  | inputlookup append=true test1.csv | eval order = "test1.csv" | inputlookup append=true test2.csv | eval order = if(isnull(order),"test2.csv",order) | inputlookup append=true test3.csv | eval order = if(isnull(order),"test3.csv",order) ... View more

Also you can try this ;  | eval status = if(match(_raw,"Main function executed successfully. "),"Success","No Sucess Message") ... View more

hi, I think,That's reason zombie process. If that possible can you reboot your server ? , If is not can you kill splunkd process with kill -9 command. But these two option is dangerous for production environment. Please be careful. After the reboot, with ps command find which user manege your splunkd process. ps auxf|grep splunk ... View more

Hi, That is possible. for windows uf's  inputs.conf; [script://.\\bin\\script.bat] disabled = False interval = 43200   For linux uf's; inputs.conf [script://.\\bin\\script.sh] disabled = False interval = 43200   Finally ;  You must put script in bin folder same app. Example bin folder; custom_app/bin/script.bat custom_app/bin/script.sh Example local folder; custom_app/local/inputs.conf must be like above. ... View more

Hi, You thinking wrong because you calculate difference field.  Try This ;    | makeresults | eval tt0=relative_time(now(),"-10m@m"), tt1=now() | eval diff = tt1 - tt0 | eval diff = tostring(diff,"duration") ... View more

Everythings is correct. Also I get logs properly. I installed apps necessary. Which add-ons must for integrate apache and splunk itsi. ... View more